Security and Compliance.

Mambu maintains an Information Security Management System (ISMS) according to ISO/IEC 27001–the de-facto standard in information security–to proactively manage information security risks and review the effectiveness of our technical and organizational controls via internal and external audits.

Mambu has obtained an Independent Service Auditor Report, according to SSAE-18/SOC 1 and ISAE-3402 standards, to provide additional assurance on the Design, Implementation, and Operating Effectiveness of the internal controls that are relevant to our customers’ financial statements or internal controls over financial reporting.

Audit reports can be obtained through Customer Portal or upon request under a non-disclosure agreement.

We are member of the AWS Partner Network in the Financial Services Competency program. Mambu was audited in the AWS Well Architected Program to ensure we deploy security best practices: encryption in transit and at rest, identity and access management, and many others available on the AWS platform.

Customer data is processed in state of the art data centers of AWS, assured by a vast amount of related certifications, providing confidence to run regulated workloads.

Financial regulators across many regions approved outsourcing of regulated financial workloads to Mambu.

Our customers are GDPR compliant by providing relevant features to comply with data subject rights. We ensure personal data doesn't leave the customer's jurisdiction or, if it does, we provide assurances of adequate data protection outside of customer jurisdiction.

We always ensure our customers and regulators can execute their supervisory function and have effective audit rights to Mambu’s business premises, processes and supply chain.

Our customers can choose to have a dedicated Mambu deployment that is not shared with other Mambu customers, giving them further control over the environment and increase the isolation required by financial regulators.

We offer SLAs for uptime and resolution times on customer inquiries. Our disaster recovery procedures and business continuity plans are regularly tested. And our SaaS solution is cloud-agnostic and has no vendor lock-in with any specific cloud vendor.

The Mambu platform provides APIs to implement the PSD2 regulation, allowing financial institutions to give third-party vendors access to end-customer data.

Security is embedded in all stages of the software development lifecycle (SDLC) at Mambu – from requirements engineering, programming and QA to deployment, monitoring, alerting and incident management.